On 2015-07-07 15:19:18 (+0100), Joshua Lee Tucker wrote:
On 7/7/15, teor teor2345@gmail.com wrote:
Organisation X experiences an attack on their website via an IP address
Organisation X experiences an SSH login/password scan via an IP address
We could split the Exit column in two (web ports, other ports)
I personally don't like displaying the ports in the overview page - I would also much rather have this information displayed in a detail page. (Maybe make the "Exit: Yes" clickable?)
Throwing this idea out there instead of keeping it to myself: what about modifying the form to ask also for the destination port? So the investigator would enter source IP, dest port and date. Can be somewhat confusing due to the source/dest mix, but the "Exit" column in this case would be pretty clear because it would refer only to the required port.